Portal login
You can view all our alerts from this page. Use the filters below to filter by audience type, title and summary and the sort options to sort for the most recently updated or published content.
08 May 2021
Avaddon Ransomware
Increase in Avaddon ransomware attacks in Australia.
27 Apr 2021
Potential exploitation of Click Studio’s PasswordState software
On 24 April 2021, Australian software company Click Studios announced a compromise of the software update process for their enterprise password management software PasswordState, used by organisations in Australia and globally.
21 Apr 2021
Exploitation of Pulse Connect Secure Vulnerabilities
New advice for mitigating Pulse Connect Secure Virtual Private Network (VPN) vulnerabilities
15 Apr 2021
Exchange server critical vulnerabilities
On 2 March 2021 Microsoft released information regarding multiple exploits being used to compromise instances of Microsoft Exchange Server. Malicious actors are exploiting these vulnerabilities to compromise Microsoft Exchange servers exposed to the internet, enabling access to email accounts and to enable further compromise of the Exchange server and associated networks.
03 Apr 2021
APT exploitation of Fortinet Vulnerabilities
Advanced Persistent Threat actors targeting historic Fortinet vulnerabilities
25 Feb 2021
Potential Accellion File Transfer Appliance compromise
ACSC identified Australian organisations may have been impacted the Accellion File Transfer Appliance vulnerability and has provided mitigation recommendations.
VMware vCenter Server plugin remote code execution vulnerability (CVE-2021-21972)
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises users of VMware vCenter Server products, including as part of VMware Cloud Foundation, to ensure their systems are promptly patched after the recent disclosure of a new remote code execution vulnerability.
16 Feb 2021
Malware targeting Centreon software
ANSSI identifies campaign targeting Centreon system monitoring software
04 Feb 2021
SonicWall Breach
SonicWall identified an internal systems breach using a zero-day vulnerability within the SMA 100 series 10.x code.
25 Jan 2021
Potential SolarWinds Orion compromise
FireEye identifies global campaign leveraging malicious updates to SolarWinds software.
05 Jan 2021
Phone and email scammers impersonating the ACSC
Scammers purporting to be from ACSC are calling and emailing Australians and attempting to trick them into installing malicious software on personal devices.
12 Nov 2020
SDBBot targeting health sector
The ACSC has observed increased targeting activity against the Australian health sector by actors using the SDBBot Remote Access Tool (RAT).
30 Oct 2020
Sustained targeting of the health sector
The Australian Signals Directorate’s Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector.
01 Oct 2020
2019-131a: Emotet malware campaign
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed an ongoing and widespread campaign of malicious emails designed to spread Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
22 Sep 2020
Netlogon elevation of privilege vulnerability (CVE-2020-1472)
The ACSC is aware of a recently disclosed critical vulnerability in Microsoft Active Directory Domain Controller systems that allows unauthenticated attackers to trivially access administrative credentials.
18 Sep 2020
Active exploitation of vulnerable MobileIron products
The ACSC is aware of active exploitation of vulnerabilities in multiple MobileIron products by malicious cyber actors, including sophisticated state-based actors.
16 Sep 2020
Copy-paste compromises
The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor. The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of tools copied almost identically from open source.
13 Aug 2020
Phone scams impersonating Australian businesses and government agencies
Cybercriminals are spoofing Australian mobile numbers and pretending to be from an Australian Government agency, delivery company or business, manipulating the individual to gain access to their device.
02 Aug 2020
Ransomware targeting Australian aged care and healthcare sectors
ACSC is aware of increasing targeting of healthcare, including hospitals and aged care, by ransomware campaigns undertaken by cyber criminals.
16 Jul 2020
Increasing reports of myGov-related SMS and email scams targeting Australians
Be on the lookout for myGov-related SMS and email scams asking you to verify your myGov details.
15 Jul 2020
Remote code execution vulnerability in Windows DNS (CVE-2020-1350)
On 14 July 2020, Microsoft acknowledged a critical remote code execution vulnerability in Windows Domain Name System (DNS), which could allow an adversary to run arbitrary code.
14 Jul 2020
Critical vulnerability for SAP NetWeaver Application Server (CVE-2020-6287)
On 13 July 2020 (United States EST), enterprise resource planning provider SAP released a security patches for a critical vulnerability affecting the Java component LM Configuration Wizard within the SAP NetWeaver Application Server.
06 Jul 2020
TMUI remote code execution vulnerability - CVE-2020-5902
The ACSC advises users of F5’s enterprise and data centre BIG-IP products to ensure their systems are promptly patched after the recent disclosure of new remote code execution vulnerability.
25 May 2020
DDoS threats being made against Australian organisations
The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector.
22 May 2020
2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor
The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.
COVID-19 malicious cyber activity
Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.
Active exploitation of vulnerability in Microsoft Internet Information Services
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware that sophisticated actors are actively exploiting a deserialisation vulnerability existing in all versions of Microsoft’s Internet Information Services (IIS) using the .NET framework (.NET). The vulnerability exploits the service’s VIEWSTATE parameter to allow for remote code execution by unauthorised users.
20 May 2020
Summary of Tradecraft Trends for 2019-20
The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far.
08 May 2020
Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.
16 Apr 2020
Sextortion email campaign impacting Australians
A large number of Australians are being impacted by an email ‘sextortion’ campaign in which the cyber scammers responsible have threatened to release personal and sensitive information to the recipients’ contacts unless the scammer is paid in cash or bitcoin.
06 Feb 2020
2020-003: Mailto ransomware incidents
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of recent ransomware incidents involving a ransomware tool known as ‘Mailto’ or ‘Kazakavkovkiz’. Mailto belongs to the KoKo ransomware family.
29 Jan 2020
Processors can be exploited by Meltdown and Spectre vulnerabilities
Security researchers have developed methods involving speculative execution to read kernel memory from user space on a variety of processors from a range of vendors produced in the last decade. These methods have been referred to as Meltdown and Spectre.
15 Jan 2020
2020-002: Critical vulnerabilities for Microsoft Windows
On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerabilities in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network.
13 Jan 2020
Active exploitation of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of ongoing attempts to exploit a critical vulnerability in Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP.
13 Dec 2019
Australia Post SMS scam targeting Australians
With millions of parcel deliveries expected around the country, Australia Post is seeing widespread scam text (SMS) messages being sent to people, using their brand.
05 Aug 2019
2019-130: Password spray attacks
The Australian Cyber Security Centre (ACSC) is aware of a high volume of ongoing password spray attacks targeting Australian organisations.
30 Jul 2019
ICS-CERT Alerts
Link to ICS-CERT alerts from the US Department of Homeland Security
24 Jul 2019
Sextortion campaign
The Australian Cyber Security Centre (ACSC) is aware of a sextortion scam email campaign targeting the Australian community.
03 Jul 2019
2019-009: Securing unprotected network and data services
The Australian Cyber Security Centre (ACSC), the cyber defensive component of the Australian Signals Directorate (ASD), has observed a large number of unprotected network and database/storage services hosted on Australian Internet Protocol (IP) address ranges.
06 Jun 2019
Microsoft Windows security vulnerability – ‘BlueKeep’ (CVE-2019-0708)
CVE-2019-0708, also known as ‘BlueKeep’ leaves users open to attack from malicious actors who can exploit a vulnerability via Remote Desktop Services (RDS) on legacy versions of the Windows operating system.
06 May 2019
Microsoft SharePoint CVE-2019-0604
The ACSC is aware of malicious cyber actors successfully exploiting a Microsoft SharePoint vulnerability in order to implant web shells on compromised hosts.
15 Mar 2019
773M accounts affected by 'Collection #1' breach
The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames.
29 Sep 2018
Facebook security issue affects 50M user accounts
The ACSC is aware of a security issue affecting 50 million Facebook user accounts whereby a flaw in the 'View As' feature allowed attackers to steal Facebook access tokens, which could be used to take over user's accounts. Access tokens are the equivalent of digital keys that allow users to remain logged into Facebook.
01 Jul 2018
Vulnerability in the Drupal content management system
The ACSC has become aware of a critical vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
25 May 2018
VPNFilter malware
Australian users need to be aware of VPNFilter malware.
17 Apr 2018
Routers targeted: Cisco Smart Install feature continues to be targeted by Russian state-sponsored actors
Russian state-sponsored actors are responsible for activity targeting Cisco devices using the Smart Install feature worldwide, including Australia.
15 Nov 2015
Web shells being used as attack vectors on networks
This alert highlights the frequent use of web shells as an exploitation vector. Web shells can be used to leverage unauthorised access and can lead to wider network compromise.
